summarize
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute scripts that interpolate variables such as `$FILE` and `$TOPIC_KEYWORDS`. While these variables are wrapped in double quotes in the provided scripts (e.g., `ls -lh "$FILE"`), this pattern still presents a potential command injection surface if the executing agent does not properly sanitize the input arguments before performing tool calls.
- [PROMPT_INJECTION]: The skill is inherently vulnerable to Indirect Prompt Injection (Category 8) because its primary function involves processing and analyzing large volumes of untrusted text data from converted recordings.
  - Ingestion points: The skill reads local `.txt` files (converted `.cast` recordings) through tools like `head`, `tail`, `sed`, and `grep` and provides the output to the agent for analysis.
  - Boundary markers: The skill uses basic structural headers (e.g., `=== Content Sampling ===`) but lacks cryptographic delimiters or specific instructions for the agent to ignore instructions embedded within the processed text.
  - Capability inventory: The skill allows access to high-privilege tools including `Bash`, `Grep`, `Read`, `Write`, and `Task` (which can be used to spawn sub-tasks).
  - Sanitization: There is no mechanism in place to sanitize or filter the content of the recording files before they are read by the agent, allowing malicious instructions within the logs to potentially influence the agent's behavior.
Audit Metadata